|Original url: http://wired-vig.wired.com/news/politics/0,1283,32097,00.html|
|Published: October 26, 1999 Wired.com by Declan McCullagh|
WASHINGTON -- Plenty of people worry about their privacy online, but few consider that someone may be eavesdropping on what they're typing -- through a wall or even across the street.
It's something government snoops have been able to do for at least the last decade, according to newly released documents from the US National Security Agency. (NSA) Spy agencies have dubbed the concept TEMPEST, a code name for technologies used to intercept and decipher the electromagnetic signals that all computers emit
Spooks have known about TEMPEST technologies at least since the 1960s -- some people have even patented ways to shield computers. But details that aren't classified have been relatively scarce.
"People don't know it's out there as a snooping threat," says Young, an architect-turned-archivist who collects cryptographic documents. "Defense contractors have it but it's under nondisclosure. It's pretty carefully guarded."
One study -- one of the few that's not classified -- performed by UK researchers Ross Anderson and Markus Kuhn showed that it was possible to capture images from a remote computer monitor. Government-spec shielded systems ward against this, but are more expensive and in limited supply in the private sector.
What's the most interesting thing Young has found in the 184 pages of technical standards and jargon the NSA handed him?
"They're able to do standoff surveillance without tapping," said Young. "That's the most lethal thing in there."
About half of the pages are blanked out with thick black lines, and nearly all of the vital numbers -- signaling rates, maximum data bandwidth, and frequencies -- are redacted. Citing "national security," the NSA released only two of the 24 documents Young requested.
One of those two documents, entitled "Compromising Emanations Laboratory Test Requirements, Electromagnetics" was prepared by the NSA's Telecommunications and Information Systems Security group. It describes test procedures for measuring the radiation emitted from a computer -- both through radio waves and through telephone, serial, network, or power cables attached to it.
The radiation limits that the documents specify apparently are used by military bases, contractors, embassies, and some other government offices to protect their computers from surveillance.
The second document the NSA released describes the agency's "Technical Security Program," which is responsible for assessing electronic security and providing "technical security facility countermeasures."
The program also sets security standards for the NSA and its contractors, devises training requirements, and lends the agency's expertise "to other DoD components or other US government departments and agencies."
John Gilmore, co-founder of the Electronic Frontier Foundation, says a lawsuit may be necessary to force the NSA to turn over the remaining 22 documents. "NSA is just playing its usual delay, delay, delay game -- not following the law, and requiring citizens to sue it to make it follow the law."
Young has sent an appeal to the NSA protesting what the agency says is "proper" classification as secret documents. "The documents are classified because their disclosure could reasonably be expected to cause serious damage to the national security," the NSA says.
Privacy experts say that although spy agencies may use TEMPEST technology all too frequently, the law probably would limit how such evidence could be used in a criminal prosecution.
"They would need a court order based on probable cause and the court would likely require them to be compliant with the wiretap statute simply because it's so close to what's covered," says Dave Banisar, co-author of The Electronic Privacy Papers.
And who says the NSA doesn't have a sense of humor? One of the documents cites a new codeword not made public before: TEAPOT.
"TEAPOT: A short name referring to the investigation, study, and control of intentional compromising emanations (i.e., those that are hostilely induced or provoked) from telecommunications and automated information systems equipment."
(c) 2001,2002,2003,2004,2005,2006, 2007 DemocraticFundamentalism.org, All Rights Reserved